Merge pull request #2325 in SNORT/snort3 from ~MIALTIZE/snort3:wizardry2 to master
Squashed commit of the following:
commit 5b1527473e3a55457a3a091e1a5e718abd9a584b
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Jul 16 17:07:22 2020 -0400
wizard: Improve wizard tracing to indicate direction and abandonment
commit c2cba2ec1205251803b3e501e59113e6a92737eb
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Jul 9 18:12:48 2020 -0400
wizard: Add peg counts for abandoned searches per protocol
commit 558df5a45cfbfee4b783d84973f77a9d95dfb710
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Jul 9 18:05:20 2020 -0400
wizard: Abort the splitter once we've hit the max PDU size
commit 04dbc4e5c9949316c70f4faf26b1c37e10da312b
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Jul 7 18:19:18 2020 -0400
dce_rpc: Improve PAF autodetection for heavily segmented TCP traffic
commit 76b0e4f6c5faf77fa28ed45472d1ca9476e37a99
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Jul 7 12:25:51 2020 -0400
snort_defaults: Remove the NOTIFY, SUBSCRIBE, and UPDATE HTTP methods
These methods overlap with SIP methods, where they are much more
commonly found. Until there is a priority/fallback mechanism for the
Wizard, these patterns will be retired from the HTTP spell.
commit f5561a1697ec6ac38981e0af094bb225b70910ca
Author: Michael Altizer <mialtize@cisco.com>
Date: Mon Jul 6 18:33:27 2020 -0400
wizard: Abandon the wizard on UDP flows after the first packet
commit 7f65256f9b6a7470ebf5737273e360fe6a1491c6
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Nov 5 17:27:10 2019 -0500
wizard: Report spell and hex configuration errors and warnings
commit 1b08923942d23744a6291cce0d39b4f24c12edbb
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Nov 5 12:58:07 2019 -0500
wizard: Properly terminate hex matching